In a typical computer system, a memory controller or a memory controller hub (MCH) routes data in between various devices within the computer system, such as, a processor, a main memory, a graphics chip, a peripheral device, etc. Some of the devices of the computer system are referred to as trusted agents because it is safe to send secured data to these devices. For example, the Central Processing Unit (CPU) is a trusted agent in one computer system. The remaining devices are referred to as non-trusted agents.
The MCH in the computer system allows software to allocate memory space in a memory map for various devices in the computer system. When the computer system is initialized, the basic input/output software (BIOS) programs a set of configuration registers in the MCH to define a memory map for the computer system.
FIG. 1 shows an example of the memory map 100. The bottom portion 120 of the memory map 100 is assigned to the main memory of the computer system. Memory portions 111, 113, and 115 are respectively assigned to devices A, B, and C of the computer system. Usually, the portions of the memory map for the devices do not overlap with each other or with the portion for the main memory. To route data within the computer system, the MCH decodes the destination address of the data to determine in which device's address range the destination address falls into. Then the MCH routes the data to that device.
An existing address decoder in a MCH is shown in FIG. 2. The address decoder includes a number of address comparators 210 connected in parallel. Each comparator compares the destination address of the data with an address range of a device within the system. The values of cfg_bitsA 203, cfg_bitsB 205, and cfg_bitsC 207 represent the address ranges of devices A, B, and C respectively. The address range of the main memory is represented by cfg_bitsN 209. If the destination address falls within the address range of a device, the corresponding comparator outputs a signal to enable the MCH to route the data to the device. Since each comparator is independent of the other comparators, the same data may be written to multiple devices when the address ranges of the multiple devices overlap with each other and the destination address falls into the overlapped range. For example, referring to the memory map 300 in FIG. 3, the address range of device C 315 overlaps with the address range of the main memory 320. When the destination address of the data falls within the overlapping address range 315, the data is written to both the main memory and device C.
Some software may be used to exploit the fact that data is sent to multiple locations when address ranges overlap in order to steal secured data from the computer system. For example, the software reprograms the address range of a non-trusted agent, e.g., a peripheral device, to overlap with the address range of a trusted agent. When the trusted agent accesses the secured data, the non-trusted agent receives the secured data as well if the destination address of the secured data falls into the address range shared by both the trusted agent and the non-trusted agent. However, it is impractical to bar reprogramming of the address ranges of peripheral devices because other legitimately operating software applications may reprogram the address ranges from time to time.